Re: [OAUTH-WG] I-D Action:draft-oauth-dyn-reg-v1-02.txt

2011-05-03 Thread Manger, James H
Comments on the OAuth Dynamic Client Registration Protocol [draft-oauth-dyn-reg-v1-02]: I found it hard to glean from this draft where any trust in the client information being registered comes from. Sources could be: self-asserted; PKI with well-known roots; or DNS. OpenID and WebID are two e

Re: [OAUTH-WG] Closing a few issues

2011-05-03 Thread Anthony Nadalin
I propose that we close issue #12 (Restore WWW-Authenticate response to the framework specification) with no action, that is each extension would handle as they are doing now. -Original Message- From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Barry Leiba Sent:

Re: [OAUTH-WG] Reusing refresh tokens and additional parameters when granting authorization

2011-05-03 Thread Eric Cestari
Thorsten, Justin, Thank you for your answers, I know the spec would not address some of the points I raised, but I was pretty sure you had some best practices in mind. On 3 May 2011 at 14:48, Lodderstedt, Torsten wrote: >> - More about obtaining an access token: is it possible to send additional

Re: [OAUTH-WG] Reusing refresh tokens and additional parameters when granting authorization

2011-05-03 Thread Lodderstedt, Torsten
Hi Eric, > - when a client requests an access token, with grant type "password" for example, can the authorization server resend the same refresh token from the last time the same client/resource owner combination requested an access token ? That would prevent the auth database from being

Re: [OAUTH-WG] Closing a few issues

2011-05-03 Thread Alexey Melnikov
Hi Barry, Barry Leiba wrote: There are three issues in the tracker that are just looking for consensus on text that's in the document -- Eran had flagged them as "pending consensus" in the -15 version. Let's look at closing those issues now. The issues are #8 4.1.2.1 and 4.2.2.1, text f

[OAUTH-WG] Reusing refresh tokens and additional parameters when granting authorization

2011-05-03 Thread Eric Cestari
Hi, I am currently implementing OAuth v2, and I have a couple questions: - when a client requests an access token, with grant type "password" for example, can the authorization server resend the same refresh token from the last time the same client/resource owner combination requested an access